After months of rigorous review into Murj’s internal security policies, practices, and procedures—as well as business operations, protocols, data protection systems, and methodologies—Murj has again achieved SOC 2 compliance. This accomplishment not only demonstrates our long-standing commitment to prioritizing the security of clinic data above all else, but affirms our ability to deliver secure, redundant, and robust cloud-based cardiac device management software to our customers.
So what does this all mean and why does it matter? Let’s take a deeper dive into SOC 2 compliance.
What is SOC 2?
System and Organization Controls (SOC) 2 is a globally recognized security audit, designed and regulated by the American Institute of Certified Public Accountants (AICPA) to help ensure that service organizations—especially those that are cloud-based—provide a safe operating environment in which to securely manage data and protect privacy.
SOC 2 compliance involves implementing a variety of security practices and policies that are applicable to your organization and then completing an audit by an independent, third-party auditor.
Rather than a cybersecurity assessment that evaluates specific technical configurations, a SOC 2 report focuses more on how an organization implements and manages controls to mitigate specific risks to different parts of an organization.
The SOC 2 audit testing framework is based on the AICPA’s Trust Services Criteria (TSC), which are used to identify risks an organization should consider addressing.
In order to pass a SOC 2 examination and receive a letter of attestation, an organization must demonstrate that it has implemented controls in information security, access control, vendor management, system backup, business continuity and disaster recovery, and more.
Why CIED clinics should partner with SOC 2-compliant vendors
Cardiac device technology vendors handle significant amounts of sensitive patient information. In order to preserve the integrity of this information and keep it secure, it’s essential that these organizations implement policies, procedures, and best practices when it comes to handling patient information. Simply put, keeping patient information safe and secure should be top of mind for all healthcare technology organizations.
When you partner with a healthcare technology vendor, you want assurance that your patient data will be handled according to the strictest IT security standards. A successful SOC 2 audit represents a stamp of approval, and guarantees that a vendor adheres to the best practices, policies, and procedures that govern the safe management of patient data.
In accordance with AICPA’s TSC, SOC 2 compliance ensures vendors meet specific security requirements. Information and systems must be protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise availability, integrity, confidentiality, and privacy.
Murj and SOC 2
Advanced cybersecurity is a cornerstone of our engineering and design process, and achieving SOC 2 certification for the fourth consecutive year is evidence that we continue to deliver on that commitment.
Reed Gaither, Murj co-founder and chief operating officer (COO)
Data safety and security is top of mind at Murj. We invest heavily in a secure cloud infrastructure that is monitored and maintained 24/7, ensuring patient information is protected at all times. A big part of this investment is our commitment to ensuring our security practices are in line with the latest professional standards.
In 2022, we successfully completed a SOC 2 audit for the fourth consecutive year. This analysis validates Murj software as a safe and secure cardiac device management solution.
A-LIGN, a trusted security and compliance organization, has conducted each of the Murj SOC 2 audits. Murj previously completed successful SOC 2 audits with A-LIGN in 2019, 2020, and 2021.
A-LIGN is a technology-enabled security and compliance partner trusted by more than 2,500 global organizations to help mitigate cybersecurity risks. A-LIGN uniquely delivers a single-provider approach as a licensed SOC 1 and SOC 2 Assessor, accredited ISO 27001, ISO 27701, and ISO 22301 Certification Body, HITRUST CSF Assessor firm, accredited FedRAMP 3PAO, candidate CMMC C3PAO, and Qualified Security Assessor Company. Working with small businesses to global enterprises, A-LIGN experts and its proprietary compliance management platform, A-SCEND, are transforming the compliance experience.
Security is a priority
Murj prioritizes the safety and security of clinic patient data and we take no shortcuts. Want to learn more about our platform security? Connect with us today.